fix(azidentity): do not strip away request headers in doForClient

Some authorities might require certain headers to be passed. For example, in our dSTS auth flow, the request form contains client_info, which needs to be accompanied by X-Client-SKU=MSAL.Go header, else the API call produces AADSTS501791: Client_info is only supported for MSAL/ADAL, please ensure that MSAL/ADAL custom headers are being sent. The `doForClient` function creates new `runtime.Request` from the incoming request, but it fails to propagate the respective headers. This commits is addressing that. Signed-off-by: HandsomeJack <[email protected]>
Azure · Dec 14, 2023 · 7a87ba0 · 7a87ba0
1 parent 85abd23
commit 7a87ba0
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/sdk/azidentity/CHANGELOG.md b/sdk/azidentity/CHANGELOG.md
@@ -8,6 +8,7 @@
 ### Breaking Changes
 
 ### Bugs Fixed
+* `azidentity.doForClient` method no longer removes headers from the incoming request
 
 ### Other Changes
 

diff --git a/sdk/azidentity/azidentity.go b/sdk/azidentity/azidentity.go
@@ -151,6 +151,17 @@ func doForClient(client *azcore.Client, r *http.Request) (*http.Response, error)
 			return nil, err
 		}
 	}
+
+	// copy headers to the new request, ignoring any for which the new request has a value
+	h := req.Raw().Header
+	for key, vals := range r.Header {
+		if _, has := h[key]; !has {
+			for _, val := range vals {
+				h.Add(key, val)
+			}
+		}
+	}
+
 	resp, err := client.Pipeline().Do(req)
 	if err != nil {
 		return nil, err

diff --git a/sdk/azidentity/azidentity_test.go b/sdk/azidentity/azidentity_test.go
@@ -1077,6 +1077,10 @@ func TestDoForClient(t *testing.T) {
 					assert.Empty(t, rb)
 				}
 
+				for k, v := range tt.headers {
+					assert.Equal(t, v, req.Header[k])
+				}
+
 				assert.Equal(t, policyHeaderValue, req.Header.Get(policyHeaderName))
 
 				rw.Header().Set("content-type", "application/json")